Bug#1014221: bullseye-pu:package procmail/3.22-26+deb11u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1014221: bullseye-pu:package procmail/3.22-26+deb11u1
From: Santiago Vila <sanvila@unex.es>
Date: Sat, 2 Jul 2022 13:36:17 +0200
Message-id: <[🔎] 311bff85-272f-7e71-ea38-63a1b0becc94@unex.es>
Reply-to: Santiago Vila <sanvila@unex.es>, 1014221@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org@packages.debian.org
Usertags: pu

Dear release managers: There was a NULL pointer dereference fix inprocmail which I've just applied to bullseye as well. There is no CVEfor this, but nevertheless it's the type of bug I don't want to see instable.

The patch was taken from the author's git repository and it has beenworking in testing/unstable for several months now.


The debdiff is attached.

(I will also try to upload for buster before its final release)

Thanks.

diff -Nru procmail-3.22/debian/changelog procmail-3.22/debian/changelog
--- procmail-3.22/debian/changelog	2017-11-16 23:42:36.000000000 +0100
+++ procmail-3.22/debian/changelog	2022-07-02 13:20:00.000000000 +0200
@@ -1,3 +1,11 @@
+procmail (3.22-26+deb11u1) unstable; urgency=medium
+
+  * Fix NULL pointer dereference. Closes: #769938.
+    Reported by Jakub Wilk using American Fuzzy Lop.
+    Patch from Stephen R. van den Berg.
+
+ -- Santiago Vila <sanvila@debian.org>  Sat, 02 Jul 2022 13:20:00 +0200
+
 procmail (3.22-26) unstable; urgency=medium
 
   * Fix buffer overflow in loadbuf(). Closes: #876511.
diff -Nru procmail-3.22/debian/patches/31 procmail-3.22/debian/patches/31
--- procmail-3.22/debian/patches/31	1970-01-01 01:00:00.000000000 +0100
+++ procmail-3.22/debian/patches/31	2022-07-02 12:32:00.000000000 +0200
@@ -0,0 +1,19 @@
+From: Stephen R. van den Berg <srb@cuci.nl>
+Subject: Cater for mails containing an incomplete From_ line.
+Bug-Debian: http://bugs.debian.org/769938
+X-Debian-version: 3.22-27
+
+--- a/src/from.c
++++ b/src/from.c
+@@ -117,7 +117,10 @@
+ 	      themail.p[extra]='\0';		  /* terminate it for strchr */
+ 	    }
+ 	   while(!(rstart=strchr(themail.p,'\n')));
+-	   extra=rstart?extra-(++rstart-themail.p):0;
++	   if (rstart)
++	     extra -= ++rstart - themail.p;
++	   else
++	     extra = 0, rstart = themail.p;
+ 	 }
+ 	else
+ 	 { size_t tfrl= ++rstart-themail.p; /* length of existing From_ line */
diff -Nru procmail-3.22/debian/patches/series procmail-3.22/debian/patches/series
--- procmail-3.22/debian/patches/series	2017-11-16 23:41:45.000000000 +0100
+++ procmail-3.22/debian/patches/series	2022-07-02 12:00:00.000000000 +0200
@@ -29,3 +29,4 @@
 28
 29
 30
+31

Reply to:

Follow-Ups:
- Bug#1014221: procmail 3.22-26+deb11u1 flagged for acceptance
  - From: Adam D Barratt <adam@adam-barratt.org.uk>
- Bug#1014221: marked as done (bullseye-pu:package procmail/3.22-26+deb11u1)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#1013670: transition: srt
Next by Date: Bug#1004459: bullseye-pu: package lxc/1:4.0.6-2+deb11u1
Previous by thread: Bug#1013670: transition: srt
Next by thread: Bug#1014221: bullseye-pu:package procmail/3.22-26+deb11u1
Index(es):
- Date
- Thread